From f48f6f07675718e7d99c1d8bace5609a83d52684 Mon Sep 17 00:00:00 2001
From: Ylian Saint-Hilaire
Date: Thu, 8 Oct 2020 14:25:16 -0700
Subject: [PATCH] CIRA fix.
---
 amt/amt-wsman-comm.js | 12 +++++++---
 amtmanager.js | 6 ++---
 apfserver.js | 1 +
 mpsserver.js | 53 +++++++++++++++++++++++++++----------------
 4 files changed, 47 insertions(+), 25 deletions(-)
diff --git a/amt/amt-wsman-comm.js b/amt/amt-wsman-comm.js
index 4570489c..7e50c320 100644
--- a/amt/amt-wsman-comm.js
+++ b/amt/amt-wsman-comm.js
@@ -348,7 +348,7 @@ var CreateWsmanComm = function (host, port, user, pass, tls, tlsoptions, transpo
 if (isNaN(s)) s = 500;
 if (s == 401 && ++(obj.authcounter) < 3) {
 obj.challengeParams = obj.parseDigest(header['www-authenticate']); // Set the digest parameters, after this, the socket will close and we will auto-retry
- if (obj.transportServer == null) { obj.socket.end(); }
+ if (obj.transportServer == null) { obj.socket.end(); } else { obj.socket.close(); }
 } else {
 var r = obj.pendingAjaxCall.shift();
 if (r == null || r.length < 1) { console.log("pendingAjaxCall error, " + r); return; }
@@ -364,7 +364,10 @@ var CreateWsmanComm = function (host, port, user, pass, tls, tlsoptions, transpo
 obj.xxOnSocketClosed = function () {
 //obj.Debug("xxOnSocketClosed");
 obj.socketState = 0;
- if ((obj.transportServer == null) && (obj.socket != null)) { obj.socket.destroy(); obj.socket = null; }
+ if (obj.socket != null) {
+ if (obj.transportServer == null) { obj.socket.destroy(); } else { obj.socket.close(); }
+ obj.socket = null;
+ }
 if (obj.pendingAjaxCall.length > 0) {
 var r = obj.pendingAjaxCall.shift(), retry = r[5];
 setTimeout(function () { obj.PerformAjaxExNodeJS2(r[0], r[1], r[2], r[3], r[4], --retry) }, 500); // Wait half a second and try again
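Review bot: In `xxOnSocketClosed` the new block calls `obj.socket.close()` (or `destroy()`) while `obj.socket` is still set and clears the reference only afterwards. If the transport's `close()` invokes its closed callback synchronously (not visible in this hunk), the handler would re-enter with a live socket, call `close()` again and shift `pendingAjaxCall` a second time. Clearing the reference first removes that dependency: `var s = obj.socket; obj.socket = null;` followed by `if (obj.transportServer == null) { s.destroy(); } else { s.close(); }`. The same block is added to `xxOnSocketTimeout` in the next hunk (-372). The 401 branch in the first hunk calls `obj.socket.close()` without the `obj.socket != null` guard the other two sites have.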
@@ -372,7 +375,10 @@ var CreateWsmanComm = function (host, port, user, pass, tls, tlsoptions, transpo
 }
 obj.xxOnSocketTimeout = function () {
- if ((obj.transportServer == null) && (obj.socket != null)) { obj.socket.destroy(); obj.socket = null; }
+ if (obj.socket != null) {
+ if (obj.transportServer == null) { obj.socket.destroy(); } else { obj.socket.close(); }
+ obj.socket = null;
+ }
 }
 // NODE.js specific private method
diff --git a/amtmanager.js b/amtmanager.js
index 76a17e8f..e19bf90b 100644
--- a/amtmanager.js
+++ b/amtmanager.js
@@ -44,7 +44,7 @@ module.exports.CreateAmtManager = function(parent) {
 // React to nodes connecting and disconnecting
 if (event.action == 'nodeconnect') {
 if ((event.conn & 14) != 0) { // connectType: Bitmask, 1 = MeshAgent, 2 = Intel AMT CIRA, 4 = Intel AMT local, 8 = Intel AMT Relay, 16 = MQTT
- if ((event.conn & 2) == 0) return // Debug: Only look at CIRA connections *****************************
+ //if ((event.conn & 2) == 0) return // Debug: Only look at CIRA connections *****************************
 // We have an OOB connection to Intel AMT, update our information
 var dev = obj.amtDevices[event.nodeid];
@@ -265,7 +265,7 @@ module.exports.CreateAmtManager = function(parent) {
 }
 function attemptLocalConnectResponse(stack, name, responses, status) {
- console.log('attemptLocalConnectResponse', status);
+ //console.log('attemptLocalConnectResponse', status);
 // Release active connection to this host.
 delete obj.activeLocalConnections[stack.wsman.comm.host];
@@ -285,7 +285,7 @@ module.exports.CreateAmtManager = function(parent) {
 dev.aquired.user = stack.wsman.comm.user;
 dev.aquired.pass = stack.wsman.comm.pass;
 dev.aquired.lastContact = Date.now();
- dev.aquired.tls = stack.wsman.comm.xtls;
+ if (dev.conntype == 1) { dev.aquired.tls = stack.wsman.comm.xtls; } // Only set the TLS state if on local mode. When using CIRA, this is auto-detected.
 if (stack.wsman.comm.xtls == 1) { dev.aquired.hash = stack.wsman.comm.xtlsCertificate.fingerprint.split(':').join('').toLowerCase(); } else { delete dev.aquired.hash; }
 //console.log(dev.nodeid, dev.name, dev.host, dev.aquired);
 UpdateDevice(dev);
diff --git a/apfserver.js b/apfserver.js
index 26f26253..52eba685 100644
--- a/apfserver.js
+++ b/apfserver.js
@@ -479,6 +479,7 @@ module.exports.CreateApfServer = function (parent, db, args) {
 if (cirachannel.state > 0) {
 cirachannel.state = 0;
 if (cirachannel.onStateChange) { cirachannel.onStateChange(cirachannel, cirachannel.state); }
+ SendChannelClose(cirachannel.socket, cirachannel.amtchannelid);
 delete socket.tag.channels[RecipientChannel];
 }
 return 5;
diff --git a/mpsserver.js b/mpsserver.js
index 58add1e9..3a019112 100644
--- a/mpsserver.js
+++ b/mpsserver.js
@@ -236,7 +236,7 @@ module.exports.CreateMpsServer = function (parent, db, args, certificates) {
 socket.on('timeout', () => { ciraTimeoutCount++; parent.debug('mps', "CIRA timeout, disconnecting."); try { socket.end(); } catch (e) { } });
 socket.addListener('data', function (data) {
- if (args.mpsdebug) { var buf = Buffer.from(data, 'binary'); console.log("MPS <-- (" + buf.length + "):" + buf.toString('hex')); } // Print out received bytes
+ if (args.mpsdebug) { var buf = Buffer.from(data, 'binary'); console.log("MPS --> (" + buf.length + "):" + buf.toString('hex')); } // Print out received bytes
 socket.tag.accumulator += data;
 // Detect if this is an HTTPS request, if it is, return a simple answer and disconnect. This is useful for debugging access to the MPS port.
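Review bot: The fingerprint handling on the line after the new `if (dev.conntype == 1)` guard still runs for every connection type, so a CIRA session now leaves `dev.aquired.tls` alone but can still set or delete `dev.aquired.hash`, and the two fields can disagree. If the stored hash is later used to pin the device certificate on a local TLS connect (not visible in this hunk), a CIRA session with `xtls != 1` would silently drop the pin. Consider putting both updates under the same condition, for example `if (dev.conntype == 1) { dev.aquired.tls = stack.wsman.comm.xtls; /* hash set/delete here too */ }`. The literal `1` would also read better as a named constant, since the only connection-type legend visible in this file (the `event.conn` bitmask comment) assigns `1` a different meaning.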
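Review bot: The added `SendChannelClose(cirachannel.socket, cirachannel.amtchannelid)` replies to a peer CHANNEL_CLOSE for any channel with `state > 0`, which presumably includes channels the device never confirmed; in mpsserver.js `amtchannelid` is assigned only in the CHANNEL_OPEN_CONFIRMATION handler. Unless the id is initialised when the channel is created, a device that closes before confirming makes the server encode an unset channel id; a guard such as `if (cirachannel.amtchannelid != null) { SendChannelClose(cirachannel.socket, cirachannel.amtchannelid); }` keeps the reply well-formed. It is also worth confirming that the server-initiated close path (outside the hunk) sets `state` to 0 first, otherwise the peer gets two CHANNEL_CLOSE messages for one channel. The same line is added to the CHANNEL_CLOSE case in mpsserver.js (hunk at -708), and the enclosing case starts and ends outside both hunks.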
@@ -393,13 +393,13 @@ module.exports.CreateMpsServer = function (parent, db, args, certificates) {
 switch (cmd) {
 case APFProtocol.KEEPALIVE_REQUEST: {
 if (len < 5) return 0;
- parent.debug('mpscmd', 'KEEPALIVE_REQUEST');
+ parent.debug('mpscmd', '--> KEEPALIVE_REQUEST');
 SendKeepAliveReply(socket, common.ReadInt(data, 1));
 return 5;
 }
 case APFProtocol.KEEPALIVE_REPLY: {
 if (len < 5) return 0;
- parent.debug('mpscmd', 'KEEPALIVE_REPLY');
+ parent.debug('mpscmd', '--> KEEPALIVE_REPLY');
 return 5;
 }
 case APFProtocol.PROTOCOLVERSION: {
@@ -408,7 +408,7 @@ module.exports.CreateMpsServer = function (parent, db, args, certificates) {
 socket.tag.MajorVersion = common.ReadInt(data, 1);
 socket.tag.MinorVersion = common.ReadInt(data, 5);
 socket.tag.SystemId = guidToStr(common.rstr2hex(data.substring(13, 29))).toLowerCase();
- parent.debug('mpscmd', 'PROTOCOLVERSION', socket.tag.MajorVersion, socket.tag.MinorVersion, socket.tag.SystemId);
+ parent.debug('mpscmd', '--> PROTOCOLVERSION', socket.tag.MajorVersion, socket.tag.MinorVersion, socket.tag.SystemId);
 return 93;
 }
 case APFProtocol.USERAUTH_REQUEST: {
@@ -426,7 +426,7 @@ module.exports.CreateMpsServer = function (parent, db, args, certificates) {
 password = data.substring(18 + usernameLen + serviceNameLen + methodNameLen, 18 + usernameLen + serviceNameLen + methodNameLen + passwordLen);
 }
 //console.log('MPS:USERAUTH_REQUEST user=' + username + ', service=' + serviceName + ', method=' + methodName + ', password=' + password);
- parent.debug('mpscmd', 'USERAUTH_REQUEST user=' + username + ', service=' + serviceName + ', method=' + methodName + ', password=' + password);
+ parent.debug('mpscmd', '--> USERAUTH_REQUEST user=' + username + ', service=' + serviceName + ', method=' + methodName + ', password=' + password);
 // Check the CIRA password
 if ((args.mpspass != null) && (password != args.mpspass)) { incorrectPasswordCount++; parent.debug('mps', 'Incorrect password', username, password); SendUserAuthFail(socket); return -1; }
@@ -553,7 +553,7 @@ module.exports.CreateMpsServer = function (parent, db, args, certificates) {
 var xserviceNameLen = common.ReadInt(data, 1);
 if (len < 5 + xserviceNameLen) return 0;
 var xserviceName = data.substring(5, 5 + xserviceNameLen);
- parent.debug('mpscmd', 'SERVICE_REQUEST', xserviceName);
+ parent.debug('mpscmd', '--> SERVICE_REQUEST', xserviceName);
 if (xserviceName == "pfwd@amt.intel.com") { SendServiceAccept(socket, "pfwd@amt.intel.com"); }
 if (xserviceName == "auth@amt.intel.com") { SendServiceAccept(socket, "auth@amt.intel.com"); }
 return 5 + xserviceNameLen;
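Review bot: The rewritten `parent.debug('mpscmd', '--> USERAUTH_REQUEST ...` line still appends `', password=' + password`, so the CIRA credential of every connecting device is written in clear text to whatever sink the mpscmd debug channel feeds. Drop the field: `parent.debug('mpscmd', '--> USERAUTH_REQUEST user=' + username + ', service=' + serviceName + ', method=' + methodName);`. The 'Incorrect password' debug call two lines below logs the submitted password too and deserves the same treatment, and the `password != args.mpspass` check on that line is not a constant-time comparison. The USERAUTH_REQUEST case starts and ends outside the hunk.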
@@ -570,7 +570,7 @@ module.exports.CreateMpsServer = function (parent, db, args, certificates) {
 if (len < 14 + requestLen + addrLen) return 0;
 var addr = data.substring(10 + requestLen, 10 + requestLen + addrLen);
 var port = common.ReadInt(data, 10 + requestLen + addrLen);
- parent.debug('mpscmd', 'GLOBAL_REQUEST', request, addr + ':' + port);
+ parent.debug('mpscmd', '--> GLOBAL_REQUEST', request, addr + ':' + port);
 ChangeHostname(socket, addr, socket.tag.SystemId);
 if (socket.tag.boundPorts.indexOf(port) == -1) { socket.tag.boundPorts.push(port); }
 SendTcpForwardSuccessReply(socket, port);
@@ -582,7 +582,7 @@ module.exports.CreateMpsServer = function (parent, db, args, certificates) {
 if (len < 14 + requestLen + addrLen) return 0;
 var addr = data.substring(10 + requestLen, 10 + requestLen + addrLen);
 var port = common.ReadInt(data, 10 + requestLen + addrLen);
- parent.debug('mpscmd', 'GLOBAL_REQUEST', request, addr + ':' + port);
+ parent.debug('mpscmd', '--> GLOBAL_REQUEST', request, addr + ':' + port);
 var portindex = socket.tag.boundPorts.indexOf(port);
 if (portindex >= 0) { socket.tag.boundPorts.splice(portindex, 1); }
 SendTcpForwardCancelReply(socket);
@@ -600,7 +600,7 @@ module.exports.CreateMpsServer = function (parent, db, args, certificates) {
 var oport = common.ReadInt(data, 18 + requestLen + addrLen + oaddrLen);
 var datalen = common.ReadInt(data, 22 + requestLen + addrLen + oaddrLen);
 if (len < 26 + requestLen + addrLen + oaddrLen + datalen) return 0;
- parent.debug('mpscmd', 'GLOBAL_REQUEST', request, addr + ':' + port, oaddr + ':' + oport, datalen);
+ parent.debug('mpscmd', '--> GLOBAL_REQUEST', request, addr + ':' + port, oaddr + ':' + oport, datalen);
 // TODO
 return 26 + requestLen + addrLen + oaddrLen + datalen;
 }
@@ -630,7 +630,7 @@ module.exports.CreateMpsServer = function (parent, db, args, certificates) {
 var SourcePort = common.ReadInt(data, 29 + ChannelTypeLength + TargetLen + SourceLen);
 channelOpenCount++;
- parent.debug('mpscmd', 'CHANNEL_OPEN', ChannelType, SenderChannel, WindowSize, Target + ':' + TargetPort, Source + ':' + SourcePort);
+ parent.debug('mpscmd', '--> CHANNEL_OPEN', ChannelType, SenderChannel, WindowSize, Target + ':' + TargetPort, Source + ':' + SourcePort);
 // Check if we understand this channel type
 //if (ChannelType.toLowerCase() == "direct-tcpip")
@@ -661,7 +661,7 @@ module.exports.CreateMpsServer = function (parent, db, args, certificates) {
 cirachannel.amtchannelid = SenderChannel;
 cirachannel.sendcredits = cirachannel.amtCiraWindow = WindowSize;
 channelOpenConfirmCount++;
- parent.debug('mpscmd', 'CHANNEL_OPEN_CONFIRMATION', RecipientChannel, SenderChannel, WindowSize);
+ parent.debug('mpscmd', '--> CHANNEL_OPEN_CONFIRMATION', RecipientChannel, SenderChannel, WindowSize);
 if (cirachannel.closing == 1) {
 // Close this channel
 SendChannelClose(cirachannel.socket, cirachannel.amtchannelid);
@@ -693,7 +693,7 @@ module.exports.CreateMpsServer = function (parent, db, args, certificates) {
 var RecipientChannel = common.ReadInt(data, 1);
 var ReasonCode = common.ReadInt(data, 5);
 channelOpenFailCount++;
- parent.debug('mpscmd', 'CHANNEL_OPEN_FAILURE', RecipientChannel, ReasonCode);
+ parent.debug('mpscmd', '--> CHANNEL_OPEN_FAILURE', RecipientChannel, ReasonCode);
 var cirachannel = socket.tag.channels[RecipientChannel];
 if (cirachannel == null) { console.log("MPS Error in CHANNEL_OPEN_FAILURE: Unable to find channelid " + RecipientChannel); return 17; }
 if (cirachannel.state > 0) {
@@ -708,13 +708,14 @@ module.exports.CreateMpsServer = function (parent, db, args, certificates) {
 if (len < 5) return 0;
 var RecipientChannel = common.ReadInt(data, 1);
 channelCloseCount++;
- parent.debug('mpscmd', 'CHANNEL_CLOSE', RecipientChannel);
+ parent.debug('mpscmd', '--> CHANNEL_CLOSE', RecipientChannel);
 var cirachannel = socket.tag.channels[RecipientChannel];
 if (cirachannel == null) { console.log("MPS Error in CHANNEL_CLOSE: Unable to find channelid " + RecipientChannel); return 5; }
 socket.tag.activetunnels--;
 if (cirachannel.state > 0) {
 cirachannel.state = 0;
 if (cirachannel.onStateChange) { cirachannel.onStateChange(cirachannel, cirachannel.state); }
+ SendChannelClose(cirachannel.socket, cirachannel.amtchannelid);
 delete socket.tag.channels[RecipientChannel];
 }
 return 5;
@@ -727,7 +728,7 @@ module.exports.CreateMpsServer = function (parent, db, args, certificates) {
 var cirachannel = socket.tag.channels[RecipientChannel];
 if (cirachannel == null) { console.log("MPS Error in CHANNEL_WINDOW_ADJUST: Unable to find channelid " + RecipientChannel); return 9; }
 cirachannel.sendcredits += ByteToAdd;
- parent.debug('mpscmd', 'CHANNEL_WINDOW_ADJUST', RecipientChannel, ByteToAdd, cirachannel.sendcredits);
+ parent.debug('mpscmd', '--> CHANNEL_WINDOW_ADJUST', RecipientChannel, ByteToAdd, cirachannel.sendcredits);
 if (cirachannel.state == 2 && cirachannel.sendBuffer != null) {
 // Compute how much data we can send
 if (cirachannel.sendBuffer.length <= cirachannel.sendcredits) {
@@ -751,7 +752,7 @@ module.exports.CreateMpsServer = function (parent, db, args, certificates) {
 var RecipientChannel = common.ReadInt(data, 1);
 var LengthOfData = common.ReadInt(data, 5);
 if (len < (9 + LengthOfData)) return 0;
- parent.debug('mpscmddata', 'CHANNEL_DATA', RecipientChannel, LengthOfData);
+ parent.debug('mpscmddata', '--> CHANNEL_DATA', RecipientChannel, LengthOfData);
 var cirachannel = socket.tag.channels[RecipientChannel];
 if (cirachannel == null) { console.log("MPS Error in CHANNEL_DATA: Unable to find channelid " + RecipientChannel); return 9 + LengthOfData; }
 cirachannel.amtpendingcredits += LengthOfData;
@@ -767,14 +768,14 @@ module.exports.CreateMpsServer = function (parent, db, args, certificates) {
 if (len < 7) return 0;
 var ReasonCode = common.ReadInt(data, 1);
 disconnectCommandCount++;
- parent.debug('mpscmd', 'DISCONNECT', ReasonCode);
+ parent.debug('mpscmd', '--> DISCONNECT', ReasonCode);
 try { delete obj.ciraConnections[socket.tag.nodeid]; } catch (e) { }
 obj.parent.ClearConnectivityState(socket.tag.meshid, socket.tag.nodeid, 2);
 return 7;
 }
 default: {
- parent.debug('mpscmd', 'Unknown CIRA command: ' + cmd);
+ parent.debug('mpscmd', '--> Unknown CIRA command: ' + cmd);
 return -1;
 }
 }
@@ -789,6 +790,7 @@ module.exports.CreateMpsServer = function (parent, db, args, certificates) {
 socket.addListener('error', function () {
 socketErrorCount++;
+ parent.debug('mps', 'CIRA connection error');
 //console.log("MPS Error: " + socket.remoteAddress);
 });
@@ -802,33 +804,40 @@ module.exports.CreateMpsServer = function (parent, db, args, certificates) {
 };
 function SendServiceAccept(socket, service) {
+ parent.debug('mpscmd', '<-- SERVICE_ACCEPT', service);
 Write(socket, String.fromCharCode(APFProtocol.SERVICE_ACCEPT) + common.IntToStr(service.length) + service);
 }
 function SendTcpForwardSuccessReply(socket, port) {
+ parent.debug('mpscmd', '<-- REQUEST_SUCCESS', port);
 Write(socket, String.fromCharCode(APFProtocol.REQUEST_SUCCESS) + common.IntToStr(port));
 }
 function SendTcpForwardCancelReply(socket) {
+ parent.debug('mpscmd', '<-- REQUEST_SUCCESS');
 Write(socket, String.fromCharCode(APFProtocol.REQUEST_SUCCESS));
 }
 /*
 function SendKeepAliveRequest(socket, cookie) {
+ parent.debug('mpscmd', '<-- KEEPALIVE_REQUEST', cookie);
 Write(socket, String.fromCharCode(APFProtocol.KEEPALIVE_REQUEST) + common.IntToStr(cookie));
 }
 */
 function SendKeepAliveReply(socket, cookie) {
+ parent.debug('mpscmd', '<-- KEEPALIVE_REPLY', cookie);
 Write(socket, String.fromCharCode(APFProtocol.KEEPALIVE_REPLY) + common.IntToStr(cookie));
 }
 function SendChannelOpenFailure(socket, senderChannel, reasonCode) {
+ parent.debug('mpscmd', '<-- CHANNEL_OPEN_FAILURE', senderChannel, reasonCode);
 Write(socket, String.fromCharCode(APFProtocol.CHANNEL_OPEN_FAILURE) + common.IntToStr(senderChannel) + common.IntToStr(reasonCode) + common.IntToStr(0) + common.IntToStr(0));
 }
 /*
 function SendChannelOpenConfirmation(socket, recipientChannelId, senderChannelId, initialWindowSize) {
+ parent.debug('mpscmd', '<-- CHANNEL_OPEN_CONFIRMATION', recipientChannelId, senderChannelId, initialWindowSize);
 Write(socket, String.fromCharCode(APFProtocol.CHANNEL_OPEN_CONFIRMATION) + common.IntToStr(recipientChannelId) + common.IntToStr(senderChannelId) + common.IntToStr(initialWindowSize) + common.IntToStr(-1));
 }
 */
@@ -836,33 +845,39 @@ module.exports.CreateMpsServer = function (parent, db, args, certificates) {
 function SendChannelOpen(socket, direct, channelid, windowsize, target, targetport, source, sourceport) {
 var connectionType = ((direct == true) ? 'direct-tcpip' : 'forwarded-tcpip');
 if ((target == null) || (target == null)) target = ''; // TODO: Reports of target being undefined that causes target.length to fail. This is a hack.
+ parent.debug('mpscmd', '<-- CHANNEL_OPEN', connectionType, channelid, windowsize, target + ':' + targetport, source + ':' + sourceport);
 Write(socket, String.fromCharCode(APFProtocol.CHANNEL_OPEN) + common.IntToStr(connectionType.length) + connectionType + common.IntToStr(channelid) + common.IntToStr(windowsize) + common.IntToStr(-1) + common.IntToStr(target.length) + target + common.IntToStr(targetport) + common.IntToStr(source.length) + source + common.IntToStr(sourceport));
 }
 function SendChannelClose(socket, channelid) {
+ parent.debug('mpscmd', '<-- CHANNEL_CLOSE', channelid);
 Write(socket, String.fromCharCode(APFProtocol.CHANNEL_CLOSE) + common.IntToStr(channelid));
 }
 function SendChannelData(socket, channelid, data) {
+ parent.debug('mpscmddata', '<-- CHANNEL_DATA', channelid, data.length);
 Write(socket, String.fromCharCode(APFProtocol.CHANNEL_DATA) + common.IntToStr(channelid) + common.IntToStr(data.length) + data);
 }
 function SendChannelWindowAdjust(socket, channelid, bytestoadd) {
- parent.debug('mpscmd', 'SendChannelWindowAdjust', channelid, bytestoadd);
+ parent.debug('mpscmd', '<-- CHANNEL_WINDOW_ADJUST', channelid, bytestoadd);
 Write(socket, String.fromCharCode(APFProtocol.CHANNEL_WINDOW_ADJUST) + common.IntToStr(channelid) + common.IntToStr(bytestoadd));
 }
 /*
 function SendDisconnect(socket, reasonCode) {
+ parent.debug('mpscmd', '<-- DISCONNECT', reasonCode);
 Write(socket, String.fromCharCode(APFProtocol.DISCONNECT) + common.IntToStr(reasonCode) + common.ShortToStr(0));
 }
 */
 function SendUserAuthFail(socket) {
+ parent.debug('mpscmd', '<-- USERAUTH_FAILURE');
 Write(socket, String.fromCharCode(APFProtocol.USERAUTH_FAILURE) + common.IntToStr(8) + 'password' + common.ShortToStr(0));
 }
 function SendUserAuthSuccess(socket) {
+ parent.debug('mpscmd', '<-- USERAUTH_SUCCESS');
 Write(socket, String.fromCharCode(APFProtocol.USERAUTH_SUCCESS));
 }
@@ -870,7 +885,7 @@ module.exports.CreateMpsServer = function (parent, db, args, certificates) {
 if (args.mpsdebug) {
 // Print out sent bytes
 var buf = Buffer.from(data, 'binary');
- console.log('MPS --> (' + buf.length + '):' + buf.toString('hex'));
+ console.log('MPS <-- (' + buf.length + '):' + buf.toString('hex'));
 socket.write(buf);
 } else {
 socket.write(Buffer.from(data, 'binary'));